Legacy data systems present a red flag for GDPR compliance

Nearly a third of US and European CIOs can’t guarantee that they’d be able to find customer data, whilst over half said that assuring the locaton of test data would be a tough challenge
With less than a year to go until the General Data Protection Regulation (GDPR) becomes legally enforceable, organizations need to develop an accurate picture of where their data is and how they manage to achieve compliance. However, legacy data systems present a distinct challenge to establishing this visibility and to making the necessary changes.
The GDPR is specifically targeted at the swathe of personal data that many organizations now collect, and establishing where data is located is important for assigning responsibility under the new regulations. However, recent research from Compuware indicates that 30 per cent of European and US CIOs are unable to guarantee that they can find this data within their systems. Moreover, 53 per cent stressed that the data used in tests, which can include personal data, is particularly difficult to locate.
Under the GDPR, legacy systems will come under the same level of scrutiny as modern solutions. Unlike these streamlined solutions, however, legacy systems such as the mainframe can be notoriously opaque. They will often include myriad different data sources and use cases, from test data through to copies of production databases, that will all influence the storage of personal data. With decades of use and continuous development, these systems have often reached an intimidating level of complexity that makes it very difficult to establish which data is in the system and where it is – it is therefore unsurprising that so many CIOs can’t guarantee the location of customer data.
Moreover, legacy systems also make it difficult to make any necessary changes to comply with the GDPR. Applications within legacy systems are often very old, with many iterations and revisions to navigate. Moreover, access to source code is not always forthcoming, and even where it can be accessed, the age of these systems means there’s an ever-decreasing pool of IT professionals who are actually able to deal with it. If overhauls to the legacy system are required to work with personal data and attain GDPR compliance, this becomes a significant obstacle.
There are several options for those companies looking to make their legacy systems more manageable in order to ensure GDPR compliance, and OpenFrame helps customers lift those applications off the mainframe onto an opensystem, that then allows customers to more easily navigate, develop and modernize the use of the applications. These legacy systems represent a distinct threat to any organization which wishes to avoid GDPR fines of up to €20 million or 4 per cent of global turnover. The new regulation will force CIO’s to assess this threat and take appropriate actions.
Openframe provides a platform that gives customers the quickest and lowest risk route in getting applications and data off the mainframe allowing for a much smoother and easier assessment of GDPR compliance and a platform for dealing with that risk.